< Back to JetLib.com

management

« Expand/Collapse

232 items tagged "management"

May 18, 2012
7:25
Epicor Returns Management SOAP-Based Blind SQL Injection
» ‎ Packet Storm Security Advisories

Digital Defense, Inc. (DDI) has discovered a blind SQL injection vulnerability in the Epicor Returns Management software SOAP interface. Left unremediated, this vulnerability could be leveraged by an attacker to execute arbitrary SQL commands and extract information from the backend database using standard SQL exploitation techniques. Additionally, an attacker may be able to leverage this flaw to compromise the database server host operating system.
Tags: epicor management sql exploitation-techniques returns-management backend-database

7:25
Epicor Returns Management SOAP-Based Blind SQL Injection
» ‎ Packet Storm Security Recent Files

Digital Defense, Inc. (DDI) has discovered a blind SQL injection vulnerability in the Epicor Returns Management software SOAP interface. Left unremediated, this vulnerability could be leveraged by an attacker to execute arbitrary SQL commands and extract information from the backend database using standard SQL exploitation techniques. Additionally, an attacker may be able to leverage this flaw to compromise the database server host operating system.
Tags: epicor management sql exploitation-techniques returns-management backend-database

7:25
Epicor Returns Management SOAP-Based Blind SQL Injection
» ‎ Packet Storm Security Misc. Files

Digital Defense, Inc. (DDI) has discovered a blind SQL injection vulnerability in the Epicor Returns Management software SOAP interface. Left unremediated, this vulnerability could be leveraged by an attacker to execute arbitrary SQL commands and extract information from the backend database using standard SQL exploitation techniques. Additionally, an attacker may be able to leverage this flaw to compromise the database server host operating system.
Tags: epicor management sql exploitation-techniques returns-management backend-database

May 11, 2012
2:00
Bugtraq: ESA-2012-019: EMC Documentum Information Rights Management Multiple Vulnerabilities
» ‎ SecurityFocus Vulnerabilities

ESA-2012-019: EMC Documentum Information Rights Management Multiple Vulnerabilities
Tags: multiple management rights emc-documentum rights-management vulnerabilities

May 01, 2012
14:27
PHP Volunteer Management 1.0.2 SQL Injection
» ‎ Packet Storm Security Exploits

PHP Volunteer Management version 1.0.2 suffers from a remote SQL injection vulnerability in get_messages.php.
Tags: volunteer php management volunteer-management management-version vulnerability

14:27
PHP Volunteer Management 1.0.2 SQL Injection
» ‎ Packet Storm Security Recent Files

PHP Volunteer Management version 1.0.2 suffers from a remote SQL injection vulnerability in get_messages.php.
Tags: volunteer php management volunteer-management management-version vulnerability

14:27
PHP Volunteer Management 1.0.2 SQL Injection
» ‎ Packet Storm Security Misc. Files

PHP Volunteer Management version 1.0.2 suffers from a remote SQL injection vulnerability in get_messages.php.
Tags: volunteer php management volunteer-management management-version vulnerability

April 30, 2012
7:22
PHP Volunteer Management 1.0.2 SQL Injection
» ‎ Packet Storm Security Exploits

PHP Volunteer Management version 1.0.2 suffers from a remote SQL injection vulnerability in get_messages.php.
Tags: volunteer php management volunteer-management management-version vulnerability

7:22
PHP Volunteer Management 1.0.2 SQL Injection
» ‎ Packet Storm Security Recent Files

PHP Volunteer Management version 1.0.2 suffers from a remote SQL injection vulnerability in get_messages.php.
Tags: volunteer php management volunteer-management management-version vulnerability

7:22
PHP Volunteer Management 1.0.2 SQL Injection
» ‎ Packet Storm Security Misc. Files

PHP Volunteer Management version 1.0.2 suffers from a remote SQL injection vulnerability in get_messages.php.
Tags: volunteer php management volunteer-management management-version vulnerability

April 26, 2012
12:12
Bugtraq: PHP Volunteer Management 'id' 1.0.2 Multiple Vulnerabilities
» ‎ SecurityFocus Vulnerabilities

PHP Volunteer Management 'id' 1.0.2 Multiple Vulnerabilities
Tags: multiple management volunteer-management vulnerabilities
April 18, 2012
0:00
Vuln: HP System Management Homepage CVE-2011-3846 Cross Site Request Forgery Vulnerability
» ‎ SecurityFocus Vulnerabilities

HP System Management Homepage CVE-2011-3846 Cross Site Request Forgery Vulnerability
Tags: cross management system hp-system management-homepage forgery
April 11, 2012
0:00
Vuln: HP System Management Homepage CVE-2011-3846 Cross Site Request Forgery Vulnerability
» ‎ SecurityFocus Vulnerabilities

HP System Management Homepage CVE-2011-3846 Cross Site Request Forgery Vulnerability
Tags: cross management system hp-system management-homepage forgery
March 06, 2012
8:00
Bugtraq: [TSI-ADV-1202] Polycom Web Management Interface O.S. Command Injection
» ‎ SecurityFocus Vulnerabilities

[TSI-ADV-1202] Polycom Web Management Interface O.S. Command Injection
Tags: bugtraq management command o.s.-command management-interface web-management tsi

March 05, 2012
8:37
Polycom Web Management Interface Command Injection
» ‎ Packet Storm Security Exploits

The Polycom web management interface on model G3/HDX 8000 HD suffers from a remote command injection vulnerability.
Tags: polycom web management model-g3 interface-command management-interface

8:37
Polycom Web Management Interface Command Injection
» ‎ Packet Storm Security Recent Files

The Polycom web management interface on model G3/HDX 8000 HD suffers from a remote command injection vulnerability.
Tags: polycom web management model-g3 interface-command management-interface

8:37
Polycom Web Management Interface Command Injection
» ‎ Packet Storm Security Misc. Files

The Polycom web management interface on model G3/HDX 8000 HD suffers from a remote command injection vulnerability.
Tags: polycom web management model-g3 interface-command management-interface

8:34
Polycom Web Management Interface Directory Traversal
» ‎ Packet Storm Security Exploits

The Polycom web management interface on model G3/HDX 8000 HD suffers from a directory traversal vulnerability.
Tags: polycom web management directory-traversal-vulnerability model-g3 management-interface

8:34
Polycom Web Management Interface Directory Traversal
» ‎ Packet Storm Security Recent Files

The Polycom web management interface on model G3/HDX 8000 HD suffers from a directory traversal vulnerability.
Tags: polycom web management directory-traversal-vulnerability model-g3 management-interface

8:34
Polycom Web Management Interface Directory Traversal
» ‎ Packet Storm Security Misc. Files

The Polycom web management interface on model G3/HDX 8000 HD suffers from a directory traversal vulnerability.
Tags: polycom web management directory-traversal-vulnerability model-g3 management-interface

February 26, 2012
6:36
IOU management for roommate chores
» ‎ Hack a Day

[Chris] shares a dorm room with five other people. When living with others its important to stay on top of cleaning and to do so equitably the sextuplet came up with a well-planned whiteboard of chores. The problem lies in getting everyone to do theirs in a timely manner. To help facilitate this, [Chris] came [...]
Tags: management roommate iou chris sextuplet living-with-others whiteboard home hacks

January 15, 2012
4:12
Cloupia End-To-End FlexPod Management Directory Traversal
» ‎ Packet Storm Security Exploits

Cloupia End-To-End FlexPod management suffers from a directory traversal vulnerability. jQuery File Tree is a configurable, AJAX file browser plugin for the jQuery javascript library utilized within the Cloupia application framework. Unauthenticated access to this module allows a remote attacker to browse the entire file system of the host server, beyond the realm of the web service itself.
Tags: cloupia management flexpod directory-traversal-vulnerability jquery-javascript-library host-server

4:12
Cloupia End-To-End FlexPod Management Directory Traversal
» ‎ Packet Storm Security Recent Files

Cloupia End-To-End FlexPod management suffers from a directory traversal vulnerability. jQuery File Tree is a configurable, AJAX file browser plugin for the jQuery javascript library utilized within the Cloupia application framework. Unauthenticated access to this module allows a remote attacker to browse the entire file system of the host server, beyond the realm of the web service itself.
Tags: cloupia management flexpod directory-traversal-vulnerability jquery-javascript-library host-server

4:12
Cloupia End-To-End FlexPod Management Directory Traversal
» ‎ Packet Storm Security Misc. Files

Cloupia End-To-End FlexPod management suffers from a directory traversal vulnerability. jQuery File Tree is a configurable, AJAX file browser plugin for the jQuery javascript library utilized within the Cloupia application framework. Unauthenticated access to this module allows a remote attacker to browse the entire file system of the host server, beyond the realm of the web service itself.
Tags: cloupia management flexpod directory-traversal-vulnerability jquery-javascript-library host-server

January 09, 2012
21:35
[Slides] Do Enterprise Management Applications Dream of Electric Sheep?
» ‎ SecDocs

Authors: Dave Goldsmith Tom Ptacek
Tags: security
Event: Black Hat USA 2006

Tags: dream management enterprise tom-ptacek dave-goldsmith usa enterprise-management-applications dream-of-electric-sheep ptacek

12:27
Advanced File Management 1.4 Cross Site Scripting
» ‎ Packet Storm Security Exploits

Advanced File Management version 1.4 suffers from a cross site scripting vulnerability.
Tags: file management advanced management-version file-management vulnerability

January 04, 2012
14:00
[webapps / 0day] - Base Content Management System Lennox Industries - Blind SQL Injection
» ‎ 1337day (was: Inj3ct0r, 1337db)

[webapps / 0day] - Base Content Management System Lennox Industries - Blind SQL Injection
Tags: management day webapps --base content-management-system sql-injection

January 03, 2012
12:23
OpenKM Document Management System 5.1.7 Command Execution
» ‎ Packet Storm Security Exploits

OpenKM Document Management System version 5.1.7 suffers from a remote command execution vulnerability.
Tags: management document openkm document-management-system command-execution vulnerability

12:23
OpenKM Document Management System 5.1.7 Command Execution
» ‎ Packet Storm Security Recent Files

OpenKM Document Management System version 5.1.7 suffers from a remote command execution vulnerability.
Tags: management document openkm document-management-system command-execution vulnerability

12:23
OpenKM Document Management System 5.1.7 Command Execution
» ‎ Packet Storm Security Misc. Files

OpenKM Document Management System version 5.1.7 suffers from a remote command execution vulnerability.
Tags: management document openkm document-management-system command-execution vulnerability

12:22
OpenKM Document Management System 5.1.7 Privilege Escalation
» ‎ Packet Storm Security Exploits

OpenKM Document Management System version 5.1.7 suffers from an authenticated privilege escalation vulnerability.
Tags: management document openkm document-management-system privilege-escalation-vulnerability escalation

12:22
OpenKM Document Management System 5.1.7 Privilege Escalation
» ‎ Packet Storm Security Recent Files

OpenKM Document Management System version 5.1.7 suffers from an authenticated privilege escalation vulnerability.
Tags: management document openkm document-management-system privilege-escalation-vulnerability escalation

12:22
OpenKM Document Management System 5.1.7 Privilege Escalation
» ‎ Packet Storm Security Misc. Files

OpenKM Document Management System version 5.1.7 suffers from an authenticated privilege escalation vulnerability.
Tags: management document openkm document-management-system privilege-escalation-vulnerability escalation

December 16, 2011
0:00
Vuln: HP Application Lifestyle Management 'GetInstalledPackages' Local Privilege Escalation Vulnerability
» ‎ SecurityFocus Vulnerabilities

HP Application Lifestyle Management 'GetInstalledPackages' Local Privilege Escalation Vulnerability
Tags: management escalation getinstalledpackages privilege-escalation-vulnerability lifestyle-management local-privilege-escalation

December 14, 2011
12:24
HP iNode Management Center iNodeMngChecker.exe Code Execution Vulnerability
» ‎ SecuriTeam

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP H3C/3Com iNode Management Center.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!

Tags: center management inode exe-code code-execution safer-use

December 08, 2011
9:01
Bugtraq: 0A29-11-2 : Privilege escalation vulnerability in HP Application Lifestyle Management (ALM) Platform v11
» ‎ SecurityFocus Vulnerabilities

0A29-11-2 : Privilege escalation vulnerability in HP Application Lifestyle Management (ALM) Platform v11
Tags: management escalation vulnerability privilege-escalation-vulnerability lifestyle-management

8:40
HP Application Lifestyle Management Platform 11 Code Execution
» ‎ Packet Storm Security Exploits

HP Application Lifestyle Management (ALM) Platform version 11 suffers from a local root privilege escalation vulnerability.
Tags: management code execution root-privilege privilege-escalation-vulnerability lifestyle-management

8:40
HP Application Lifestyle Management Platform 11 Code Execution
» ‎ Packet Storm Security Recent Files

HP Application Lifestyle Management (ALM) Platform version 11 suffers from a local root privilege escalation vulnerability.
Tags: management code execution root-privilege privilege-escalation-vulnerability lifestyle-management

8:40
HP Application Lifestyle Management Platform 11 Code Execution
» ‎ Packet Storm Security Misc. Files

HP Application Lifestyle Management (ALM) Platform version 11 suffers from a local root privilege escalation vulnerability.
Tags: management code execution root-privilege privilege-escalation-vulnerability lifestyle-management

December 06, 2011
15:53
Red Hat Security Advisory 2011-1533-04
» ‎ Packet Storm Security Advisories

Red Hat Security Advisory 2011-1533-04 - Red Hat Identity Management is a centralized authentication, identity management and authorization solution for both traditional and cloud based enterprise environments. It integrates components of the Red Hat Directory Server, MIT Kerberos, Red Hat Certificate System, NTP and DNS. It provides web browser and command-line interfaces. Its administration tools allow an administrator to quickly install, set up, and administer a group of domain controllers to meet the authentication and identity management requirements of large scale Linux and UNIX deployments. A Cross-Site Request Forgery flaw was found in Red Hat Identity Management. If a remote attacker could trick a user, who was logged into the management web interface, into visiting a specially-crafted URL, the attacker could perform Red Hat Identity Management configuration changes with the privileges of the logged in user.
Tags: hat management red command-line-interfaces centralized-authentication red-hat-security

15:53
Red Hat Security Advisory 2011-1533-04
» ‎ Packet Storm Security Recent Files

Red Hat Security Advisory 2011-1533-04 - Red Hat Identity Management is a centralized authentication, identity management and authorization solution for both traditional and cloud based enterprise environments. It integrates components of the Red Hat Directory Server, MIT Kerberos, Red Hat Certificate System, NTP and DNS. It provides web browser and command-line interfaces. Its administration tools allow an administrator to quickly install, set up, and administer a group of domain controllers to meet the authentication and identity management requirements of large scale Linux and UNIX deployments. A Cross-Site Request Forgery flaw was found in Red Hat Identity Management. If a remote attacker could trick a user, who was logged into the management web interface, into visiting a specially-crafted URL, the attacker could perform Red Hat Identity Management configuration changes with the privileges of the logged in user.
Tags: hat management red command-line-interfaces centralized-authentication red-hat-security

15:53
Red Hat Security Advisory 2011-1533-04
» ‎ Packet Storm Security Misc. Files

Red Hat Security Advisory 2011-1533-04 - Red Hat Identity Management is a centralized authentication, identity management and authorization solution for both traditional and cloud based enterprise environments. It integrates components of the Red Hat Directory Server, MIT Kerberos, Red Hat Certificate System, NTP and DNS. It provides web browser and command-line interfaces. Its administration tools allow an administrator to quickly install, set up, and administer a group of domain controllers to meet the authentication and identity management requirements of large scale Linux and UNIX deployments. A Cross-Site Request Forgery flaw was found in Red Hat Identity Management. If a remote attacker could trick a user, who was logged into the management web interface, into visiting a specially-crafted URL, the attacker could perform Red Hat Identity Management configuration changes with the privileges of the logged in user.
Tags: hat management red command-line-interfaces centralized-authentication red-hat-security

December 03, 2011
0:00
Vuln: HP System Management Homepage (CVE-2011-1541) Remote Unauthorized Access Vulnerability
» ‎ SecurityFocus Vulnerabilities

HP System Management Homepage (CVE-2011-1541) Remote Unauthorized Access Vulnerability
Tags: system management homepage hp-system management-homepage cve
0:00
Vuln: HP System Management Homepage (CVE-2011-1540) Remote Code Execution Vulnerability
» ‎ SecurityFocus Vulnerabilities

HP System Management Homepage (CVE-2011-1540) Remote Code Execution Vulnerability
Tags: management system remote hp-system code-execution management-homepage

November 17, 2011
14:44
[Slides] Digital Rights Management Legal Briefing
» ‎ SecDocs

Authors: Jennifer Granick
Tags: law DRM
Event: Black Hat Windows Security 2002

Tags: digital management rights jennifer-granick digital-rights-management security-2002

November 14, 2011
14:00
[webapps / 0day] - Authenex A-Key/ASAS Web Management Control 3.1.0.2 (latest)
» ‎ 1337day (was: Inj3ct0r, 1337db)

[webapps / 0day] - Authenex A-Key/ASAS Web Management Control 3.1.0.2 (latest)
Tags: management day webapps web-management management-control asas

November 04, 2011
22:51
[Slides] Systems Management in an Untrusted Network
» ‎ SecDocs

Authors: Cory Scott
Tags: security network
Event: Black Hat USA 2001

Tags: untrusted network management scott-tags usa untrusted-network black-hat security-network

November 03, 2011
15:05
CmyDocument Content Management Cross Site Scripting
» ‎ Packet Storm Security Exploits

CmyDocument Content Management suffers from multiple cross site scripting vulnerabilities.
Tags: cross management site cross-site-scripting content-management

15:05
CmyDocument Content Management Cross Site Scripting
» ‎ Packet Storm Security Recent Files

CmyDocument Content Management suffers from multiple cross site scripting vulnerabilities.
Tags: cross management site cross-site-scripting content-management

15:05
CmyDocument Content Management Cross Site Scripting
» ‎ Packet Storm Security Misc. Files

CmyDocument Content Management suffers from multiple cross site scripting vulnerabilities.
Tags: cross management site cross-site-scripting content-management

13:00
Bugtraq: CmyDocument Content Management Application - XSS Vulnerabilities
» ‎ SecurityFocus Vulnerabilities

CmyDocument Content Management Application - XSS Vulnerabilities
Tags: management content-management-application
November 01, 2011
14:00
Bugtraq: Oracle Hyperion Financial Management TList6 ActiveX Control Remote Code Execution Vulnerability
» ‎ SecurityFocus Vulnerabilities

Oracle Hyperion Financial Management TList6 ActiveX Control Remote Code Execution Vulnerability
Tags: management oracle tlist code-execution oracle-hyperion bugtraq
October 25, 2011
0:00
Vuln: RETIRED: SAP Management Console OSExecute Remote Code Execution Vulnerability
» ‎ SecurityFocus Vulnerabilities

RETIRED: SAP Management Console OSExecute Remote Code Execution Vulnerability
Tags: management sap retired sap-management code-execution vulnerability

October 24, 2011
11:15
SAP Management Console OSExecute Payload Execution
» ‎ Packet Storm Security Exploits

This Metasploit module executes an arbitrary payload through the SAP Management Console SOAP Interface. A valid username and password must be provided.
Tags: console management sap valid-username soap execution

11:15
SAP Management Console OSExecute Payload Execution
» ‎ Packet Storm Security Recent Files

This Metasploit module executes an arbitrary payload through the SAP Management Console SOAP Interface. A valid username and password must be provided.
Tags: console management sap valid-username soap execution

11:15
SAP Management Console OSExecute Payload Execution
» ‎ Packet Storm Security Misc. Files

This Metasploit module executes an arbitrary payload through the SAP Management Console SOAP Interface. A valid username and password must be provided.
Tags: console management sap valid-username soap execution

October 21, 2011
11:00
Bugtraq: TeamSHATTER Security Advisory: Database Vault Account Management Vulnerabilites
» ‎ SecurityFocus Vulnerabilities

TeamSHATTER Security Advisory: Database Vault Account Management Vulnerabilites
Tags: management teamshatter security security-advisory account-management bugtraq

October 19, 2011
14:00
[webapps / 0day] - fims File Management System
» ‎ 1337day (was: Inj3ct0r, 1337db)

[webapps / 0day] - fims File Management System
Tags: management day webapps management-system

October 18, 2011
21:44
File Management System 1.2.1a File Download
» ‎ Packet Storm Security Exploits

File Management System versions 1.2.1a and below suffer from a remote SQL injection vulnerability that allows for arbitrary file download.
Tags: system file management file-management-system sql-injection system-versions

21:44
File Management System 1.2.1a File Download
» ‎ Packet Storm Security Recent Files

File Management System versions 1.2.1a and below suffer from a remote SQL injection vulnerability that allows for arbitrary file download.
Tags: system file management file-management-system sql-injection system-versions

21:44
File Management System 1.2.1a File Download
» ‎ Packet Storm Security Misc. Files

File Management System versions 1.2.1a and below suffer from a remote SQL injection vulnerability that allows for arbitrary file download.
Tags: system file management file-management-system sql-injection system-versions

October 11, 2011
0:00
Vuln: Member Management System 'index.asp' Cross Site Scripting Vulnerability
» ‎ SecurityFocus Vulnerabilities

Member Management System 'index.asp' Cross Site Scripting Vulnerability
Tags: system management member member-management-system system-index vulnerability

September 30, 2011
11:16
[Slides] (In)Security in Network Management
» ‎ SecDocs

Authors: Jeremy Rauch
Tags: security network
Event: Black Hat Asia 2003

Tags: network management security jeremy-rauch asia management-authors black-hat

September 25, 2011
17:04
3COM/H3C Intelligent Management Center img recv Code Execution Vulnerability
» ‎ SecuriTeam

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP 3COM/H3C Intelligent Management Center.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!

Tags: com management intelligent intelligent-management code-execution safer-use

September 15, 2011
9:00
Bugtraq: Cisco Security Advisory: CiscoWorks LAN Management Solution Remote Code Execution Vulnerabilities
» ‎ SecurityFocus Vulnerabilities

Cisco Security Advisory: CiscoWorks LAN Management Solution Remote Code Execution Vulnerabilities
Tags: solution management ciscoworks cisco-security lan-management-solution cisco-security-advisory ciscoworks-lan-management-solution

8:20
Where have you been!?
» ‎ Carnal0wnage

I've been busy... :-(

But i do have some upcoming conference speaking engagements coming up.

So. If you are heading to BruCon

catch me and Joe McCray talk about Pentesting High Security Environments.

If you are heading to DerbyCon

Catch me and Rob Fuller talk about The Dirty Little Secrets They Didn’t Teach You In Pentesting Class

Lastly, if you'll be in Switzerland for Hashdays

You can catch me talk about From Low to Pwned.

I'll also be giving a talk at the Management workshop on Information Operations for Management (sorry the info isn't on the site yet but should be here https://www.hashdays.ch/management-session.html at some point).

I'm sure there will be more stuff in November/December its just not scheduled yet.
Tags: talk management Pentesting joe-mccray rob-fuller switzerland dirty-little-secrets security-environments speaking-engagements carnal0wnage

September 12, 2011
13:05
[Paper] The Emperor Has No Clothes: Insecurities in Security Infrastructure
» ‎ SecDocs

Authors: Ben Feinstein Dan King Jeff Jarmoc
Tags: network
Event: Black Hat USA 2010
Abstract: Your security infrastructure (firewalls, IDS/IPS devices, management consoles, etc.) holds a very sensitive position of trust. This equipment is relied upon to reliably perform security critical functions under potentially hostile conditions. These are highly valuable assets to an attacker, yet their value is sometimes not captured by conventional risk management. This presentation will explore several new vulnerabilities and weaknesses in these products, with the goal of offering useful recommendations and approaches for mitigating the risk. This presentation explores a series of vulnerabilities and weaknesses in security infrastructure that we discovered and responsibly disclosed. We’re in the business of managing and monitoring this gear for our clients, so we have great familiarity with all aspects of its operation. We've found that security infrastructure appears to be just as prone to security vulnerabilities as other commercial software, if not more so. Daniel King discovered McAfee Network Security Manager (the web-based management appliance for McAfee IPS sensors) was vulnerable to authentication bypass / session hijacking (CVE-2009-3565) and cross-site scripting (CVE-2009-3566) vulnerabilities. We’ll demonstrate a proof-of-concept attack scenario that blends these vulnerabilities to gain unauthorized access to the NSM web management interface through cookie stealing and hijacking an administrator’s session. Jeff Jarmoc discovered an access-control list (ACL) bypass vulnerability in Cisco Adaptive Security Appliance (ASA) and Cisco PIX (CVE-2009-1160, Cisco Bug ID CSCsq91277). These devices would fail to apply the expected implicit deny behavior for packets that did not match any ACEs in an ACL. The TLS renegotiation vulnerability publicly disclosed in November 2009 (CVE-2009-3555) impacted many products, including Cisco Adaptive Security Device Manager (ASDM) (Cisco Bug ID CSCtd00697). We will demonstrate a never before seen proof-of-concept attack that exploits the TLS authentication gap to achieve arbitrary command injection against the Cisco ASDM web-based management interface. A man-in-the-middle may arbitrarily manipulate the ASA policies managed by an ASDM by exploiting the TLS authentication gap. Cisco fixed this in a general deployment release on January 11, 2010 with version 8.2(2). If you haven’t patched before seeing this demo, you will want to afterward! Using these vulnerabilities and weaknesses as illustrative examples, we will offer real-world recommendations for on how to better secure your organization’s security infrastructure. Some recommendations include ruling your security infrastructure as within scope during penetration testing and security assessment activities, including product security in your organization’s purchasing and product evaluation processes, and somewhat ironically, deployment of security products in the role of compensating controls for potential vulnerabilities in other parts of your organization’s security infrastructure.
Tags: management security infrastructure cisco-asdm daniel-king dan-king cisco-adaptive jeff-jarmoc cisco-pix cisco-bug ben-feinstein
13:05
[Slides] The Emperor Has No Clothes: Insecurities in Security Infrastructure
» ‎ SecDocs

Authors: Ben Feinstein Dan King Jeff Jarmoc
Tags: network
Event: Black Hat USA 2010
Abstract: Your security infrastructure (firewalls, IDS/IPS devices, management consoles, etc.) holds a very sensitive position of trust. This equipment is relied upon to reliably perform security critical functions under potentially hostile conditions. These are highly valuable assets to an attacker, yet their value is sometimes not captured by conventional risk management. This presentation will explore several new vulnerabilities and weaknesses in these products, with the goal of offering useful recommendations and approaches for mitigating the risk. This presentation explores a series of vulnerabilities and weaknesses in security infrastructure that we discovered and responsibly disclosed. We’re in the business of managing and monitoring this gear for our clients, so we have great familiarity with all aspects of its operation. We've found that security infrastructure appears to be just as prone to security vulnerabilities as other commercial software, if not more so. Daniel King discovered McAfee Network Security Manager (the web-based management appliance for McAfee IPS sensors) was vulnerable to authentication bypass / session hijacking (CVE-2009-3565) and cross-site scripting (CVE-2009-3566) vulnerabilities. We’ll demonstrate a proof-of-concept attack scenario that blends these vulnerabilities to gain unauthorized access to the NSM web management interface through cookie stealing and hijacking an administrator’s session. Jeff Jarmoc discovered an access-control list (ACL) bypass vulnerability in Cisco Adaptive Security Appliance (ASA) and Cisco PIX (CVE-2009-1160, Cisco Bug ID CSCsq91277). These devices would fail to apply the expected implicit deny behavior for packets that did not match any ACEs in an ACL. The TLS renegotiation vulnerability publicly disclosed in November 2009 (CVE-2009-3555) impacted many products, including Cisco Adaptive Security Device Manager (ASDM) (Cisco Bug ID CSCtd00697). We will demonstrate a never before seen proof-of-concept attack that exploits the TLS authentication gap to achieve arbitrary command injection against the Cisco ASDM web-based management interface. A man-in-the-middle may arbitrarily manipulate the ASA policies managed by an ASDM by exploiting the TLS authentication gap. Cisco fixed this in a general deployment release on January 11, 2010 with version 8.2(2). If you haven’t patched before seeing this demo, you will want to afterward! Using these vulnerabilities and weaknesses as illustrative examples, we will offer real-world recommendations for on how to better secure your organization’s security infrastructure. Some recommendations include ruling your security infrastructure as within scope during penetration testing and security assessment activities, including product security in your organization’s purchasing and product evaluation processes, and somewhat ironically, deployment of security products in the role of compensating controls for potential vulnerabilities in other parts of your organization’s security infrastructure.
Tags: management security infrastructure cisco-asdm daniel-king dan-king cisco-adaptive jeff-jarmoc cisco-pix cisco-bug ben-feinstein

August 22, 2011
0:00
Vuln: Symantec Antivirus Corporate Ed. Alert Management Service Remote Privilege Escalation Vulnerability
» ‎ SecurityFocus Vulnerabilities

Symantec Antivirus Corporate Ed. Alert Management Service Remote Privilege Escalation Vulnerability
Tags: management symantec service privilege-escalation-vulnerability symantec-antivirus corporate-ed

August 16, 2011
16:23
Check Point Security Management Symlink Vulnerabilities
» ‎ Packet Storm Security Advisories

Check Point Security Management Products suffer from multiple symlink vulnerabilities. Due to the combination of inadequate file checks, predictable file names and writing of temporary configuration files to /tmp it is possible for a unprivileged local user to exploit the post-installation script to overwrite arbitrary files on the security management system through symlink following. The script also contains a second-order symlink vulnerability which makes it possible for an attacker to gain control of the SMS configuration file: $FWDIR/conf/sofaware/SWManagementServer.ini.
Tags: symlink management security security-management-products security-management-system sms-configuration

16:23
Check Point Security Management Symlink Vulnerabilities
» ‎ Packet Storm Security Recent Files

Check Point Security Management Products suffer from multiple symlink vulnerabilities. Due to the combination of inadequate file checks, predictable file names and writing of temporary configuration files to /tmp it is possible for a unprivileged local user to exploit the post-installation script to overwrite arbitrary files on the security management system through symlink following. The script also contains a second-order symlink vulnerability which makes it possible for an attacker to gain control of the SMS configuration file: $FWDIR/conf/sofaware/SWManagementServer.ini.
Tags: symlink management security security-management-products security-management-system sms-configuration

16:23
Check Point Security Management Symlink Vulnerabilities
» ‎ Packet Storm Security Misc. Files

Check Point Security Management Products suffer from multiple symlink vulnerabilities. Due to the combination of inadequate file checks, predictable file names and writing of temporary configuration files to /tmp it is possible for a unprivileged local user to exploit the post-installation script to overwrite arbitrary files on the security management system through symlink following. The script also contains a second-order symlink vulnerability which makes it possible for an attacker to gain control of the SMS configuration file: $FWDIR/conf/sofaware/SWManagementServer.ini.
Tags: symlink management security security-management-products security-management-system sms-configuration

August 15, 2011
8:51
[Video] Identity and Access Management - Get your User-Accesses under Control!
» ‎ SecDocs

Authors: Rik Van Bruggen
Tags: authentication identity management
Event: Hashdays 2010
Abstract: Strengthened User-Authentication, streamlined Application-Access, enhanced Productivity and simplified Compliance-Reporting - Security Experiences and Live-Demo with Imprivata OneSign.
Tags: access identity management van-bruggen streamlined-application reporting-security

July 21, 2011
7:00
Bugtraq: Cisco Security Advisory: Cisco SA 500 Series Security Appliances Web Management Interface Vulnerabilities
» ‎ SecurityFocus Vulnerabilities

Cisco Security Advisory: Cisco SA 500 Series Security Appliances Web Management Interface Vulnerabilities
Tags: management series cisco-security cisco-security-advisory security-appliances management-interface
June 17, 2011
0:00
Vuln: Cisco RVS4000/WRVS4400N Web Management Interface Information Disclosure Vulnerability
» ‎ SecurityFocus Vulnerabilities

Cisco RVS4000/WRVS4400N Web Management Interface Information Disclosure Vulnerability
Tags: management rvs cisco information-disclosure-vulnerability management-interface web-management
0:00
Vuln: Cisco RVS4000/WRVS4400N Web Management Interface Remote Command Injection Vulnerability
» ‎ SecurityFocus Vulnerabilities

Cisco RVS4000/WRVS4400N Web Management Interface Remote Command Injection Vulnerability
Tags: web management wrvs cisco-rvs management-interface web-management vulnerability
0:00
Vuln: Cisco RVS4000 and WRVS4400N Web Management Private/Public Key's Information Disclosure Vulnerability
» ‎ SecurityFocus Vulnerabilities

Cisco RVS4000 and WRVS4400N Web Management Private/Public Key's Information Disclosure Vulnerability
Tags: web management wrvs cisco-rvs information-disclosure-vulnerability web-management cisco
June 13, 2011
0:00
Vuln: IBM Tivoli Management Framework 'opts' Argument Stack Buffer Overflow Vulnerability
» ‎ SecurityFocus Vulnerabilities

IBM Tivoli Management Framework 'opts' Argument Stack Buffer Overflow Vulnerability
Tags: ibm management tivoli tivoli-management-framework buffer-overflow-vulnerability stack-buffer

June 11, 2011
14:14
Symantec Alert Management System HNDLRSVC Arbitrary Command Execution Vulnerability
» ‎ SecuriTeam

An arbitrary program execution vulnerability exists in Symantec Alert Management System (AMS) service shipped with multiple Symantec products.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!

Tags: symantec alert management symantec-products command-execution alert-management

June 09, 2011
21:00
[webapps / 0day] - Tele Data Contact Management Server Directory Traversal
» ‎ 1337day (was: Inj3ct0r, 1337db)

[webapps / 0day] - Tele Data Contact Management Server Directory Traversal
Tags: management day webapps tele-data server-directory

June 07, 2011
0:00
Vuln: IBM Tivoli Management Framework 'opts' Argument Stack Buffer Overflow Vulnerability
» ‎ SecurityFocus Vulnerabilities

IBM Tivoli Management Framework 'opts' Argument Stack Buffer Overflow Vulnerability
Tags: ibm management tivoli tivoli-management-framework buffer-overflow-vulnerability stack-buffer

June 06, 2011
19:47
Mevlana Content Management System SQL Injection
» ‎ Packet Storm Security Exploits

Mevlana Content Management System suffers from a remote SQL injection vulnerability.
Tags: mevlana system management content-management-system vulnerability

19:47
Mevlana Content Management System SQL Injection
» ‎ Packet Storm Security Recent Files

Mevlana Content Management System suffers from a remote SQL injection vulnerability.
Tags: mevlana system management content-management-system vulnerability

19:47
Mevlana Content Management System SQL Injection
» ‎ Packet Storm Security Misc. Files

Mevlana Content Management System suffers from a remote SQL injection vulnerability.
Tags: mevlana system management content-management-system vulnerability

May 31, 2011
0:00
Vuln: IBM Tivoli Management Framework 'opts' Argument Stack Buffer Overflow Vulnerability
» ‎ SecurityFocus Vulnerabilities

IBM Tivoli Management Framework 'opts' Argument Stack Buffer Overflow Vulnerability
Tags: ibm management tivoli tivoli-management-framework buffer-overflow-vulnerability stack-buffer
May 30, 2011
0:00
Vuln: Novell ZENworks Configuration Management ZAM File Remote Code Execution Vulnerability
» ‎ SecurityFocus Vulnerabilities

Novell ZENworks Configuration Management ZAM File Remote Code Execution Vulnerability
Tags: novell management remote novell-zenworks code-execution configuration-management

May 23, 2011
18:09
HP System Management Homepage Cross Site Scripting
» ‎ Packet Storm Security Exploits

HP System Management Homepage suffers from multiple cross site scripting vulnerabilities.
Tags: system management homepage hp-system management-homepage system-management

18:09
HP System Management Homepage Cross Site Scripting
» ‎ Packet Storm Security Recent Files

HP System Management Homepage suffers from multiple cross site scripting vulnerabilities.
Tags: system management homepage hp-system management-homepage system-management

18:09
HP System Management Homepage Cross Site Scripting
» ‎ Packet Storm Security Misc. Files

HP System Management Homepage suffers from multiple cross site scripting vulnerabilities.
Tags: system management homepage hp-system management-homepage system-management

0:00
Vuln: HP System Management Homepage (SMH) URI Redirection Vulnerability
» ‎ SecurityFocus Vulnerabilities

HP System Management Homepage (SMH) URI Redirection Vulnerability
Tags: management system smh uri-redirection hp-system management-homepage system-management
0:00
Vuln: HP SNMP Agents and Insight Management Agents Multiple Unspecified Security Vulnerabilities
» ‎ SecurityFocus Vulnerabilities

HP SNMP Agents and Insight Management Agents Multiple Unspecified Security Vulnerabilities
Tags: insight management snmp hp-snmp snmp-agents insight-management
0:00
Vuln: HP Insight Management Agents 'hmanics.snmp.php' Full Path Information Disclosure Vulnerability
» ‎ SecurityFocus Vulnerabilities

HP Insight Management Agents 'hmanics.snmp.php' Full Path Information Disclosure Vulnerability
Tags: management hmanics snmp information-disclosure-vulnerability insight-management management-agents

May 16, 2011
7:21
Vmware vSphere Management Assistant (vMA) Privilege Escalation
» ‎ Packet Storm Security Exploits

Vmware vSphere Management Assistant (vMA) suffers from a local privilege escalation vulnerability.
Tags: management vma vsphere privilege-escalation-vulnerability management-assistant local-privilege-escalation

7:21
Vmware vSphere Management Assistant (vMA) Privilege Escalation
» ‎ Packet Storm Security Recent Files

Vmware vSphere Management Assistant (vMA) suffers from a local privilege escalation vulnerability.
Tags: management vma vsphere privilege-escalation-vulnerability management-assistant local-privilege-escalation

7:21
Vmware vSphere Management Assistant (vMA) Privilege Escalation
» ‎ Packet Storm Security Misc. Files

Vmware vSphere Management Assistant (vMA) suffers from a local privilege escalation vulnerability.
Tags: management vma vsphere privilege-escalation-vulnerability management-assistant local-privilege-escalation

May 11, 2011
11:00
Bugtraq: ZDI-11-165: HP 3COM/H3C Intelligent Management Center tftpserver opcode_table Remote Code Execution Vulnerability
» ‎ SecurityFocus Vulnerabilities

ZDI-11-165: HP 3COM/H3C Intelligent Management Center tftpserver opcode_table Remote Code Execution Vulnerability
Tags: com management intelligent code-execution intelligent-management zdi

May 09, 2011
17:53
KeyFax Response Management System 3.2.2.6 XSS / Information Disclosure
» ‎ Packet Storm Security Exploits

KeyFax Response Management System version 3.2.2.6 suffers from cross site scripting and information disclosure vulnerabilities.
Tags: response keyfax management response-management-system information-disclosure cross-site-scripting

17:53
KeyFax Response Management System 3.2.2.6 XSS / Information Disclosure
» ‎ Packet Storm Security Recent Files

KeyFax Response Management System version 3.2.2.6 suffers from cross site scripting and information disclosure vulnerabilities.
Tags: response keyfax management response-management-system information-disclosure cross-site-scripting

17:53
KeyFax Response Management System 3.2.2.6 XSS / Information Disclosure
» ‎ Packet Storm Security Misc. Files

KeyFax Response Management System version 3.2.2.6 suffers from cross site scripting and information disclosure vulnerabilities.
Tags: response keyfax management response-management-system information-disclosure cross-site-scripting

May 02, 2011
17:19
Time And Expense Management System Cross Site Scripting
» ‎ Packet Storm Security Exploits

A reflected cross site scripting vulnerability in Time and Expense Management System can be exploited to execute arbitrary JavaScript.
Tags: management time expense expense-management-system cross-site-scripting vulnerability

17:19
Time And Expense Management System Cross Site Scripting
» ‎ Packet Storm Security Recent Files

A reflected cross site scripting vulnerability in Time and Expense Management System can be exploited to execute arbitrary JavaScript.
Tags: management time expense expense-management-system cross-site-scripting vulnerability

17:19
Time And Expense Management System Cross Site Scripting
» ‎ Packet Storm Security Misc. Files

A reflected cross site scripting vulnerability in Time and Expense Management System can be exploited to execute arbitrary JavaScript.
Tags: management time expense expense-management-system cross-site-scripting vulnerability

April 28, 2011
0:00
Vuln: Symantec Antivirus Corporate Ed. Alert Management Service Remote Privilege Escalation Vulnerability
» ‎ SecurityFocus Vulnerabilities

Symantec Antivirus Corporate Ed. Alert Management Service Remote Privilege Escalation Vulnerability
Tags: management symantec service privilege-escalation-vulnerability symantec-antivirus corporate-ed

April 21, 2011
5:58
CA Output Management Web Viewer 11.0 / 11.5 Boundary Errors
» ‎ Packet Storm Security Advisories

CA Technologies support is alerting customers to security risks associated with CA Output Management Web Viewer. Two vulnerabilities exist that can allow a remote attacker to execute arbitrary code. CA Technologies has issued patches to address the vulnerabilities. The vulnerabilities are due to boundary errors in the UOMWV_HelperActiveX.ocx and PPSView.ocx ActiveX controls. A remote attacker can create a specially crafted web page to exploit the flaws and potentially execute arbitrary code.
Tags: output web management web-viewer output-management arbitrary-code

5:58
CA Output Management Web Viewer 11.0 / 11.5 Boundary Errors
» ‎ Packet Storm Security Recent Files

CA Technologies support is alerting customers to security risks associated with CA Output Management Web Viewer. Two vulnerabilities exist that can allow a remote attacker to execute arbitrary code. CA Technologies has issued patches to address the vulnerabilities. The vulnerabilities are due to boundary errors in the UOMWV_HelperActiveX.ocx and PPSView.ocx ActiveX controls. A remote attacker can create a specially crafted web page to exploit the flaws and potentially execute arbitrary code.
Tags: output web management web-viewer output-management arbitrary-code

5:58
CA Output Management Web Viewer 11.0 / 11.5 Boundary Errors
» ‎ Packet Storm Security Misc. Files

CA Technologies support is alerting customers to security risks associated with CA Output Management Web Viewer. Two vulnerabilities exist that can allow a remote attacker to execute arbitrary code. CA Technologies has issued patches to address the vulnerabilities. The vulnerabilities are due to boundary errors in the UOMWV_HelperActiveX.ocx and PPSView.ocx ActiveX controls. A remote attacker can create a specially crafted web page to exploit the flaws and potentially execute arbitrary code.
Tags: output web management web-viewer output-management arbitrary-code

April 14, 2011
9:00
Bugtraq: ZDI-11-132: CA Total Defense Suite UNC Management Console DeleteReportLayout SQL Injection Vulnerability
» ‎ SecurityFocus Vulnerabilities

ZDI-11-132: CA Total Defense Suite UNC Management Console DeleteReportLayout SQL Injection Vulnerability
Tags: management suite sql zdi bugtraq vulnerability
9:00
Bugtraq: ZDI-11-133: CA Total Defense Suite UNC Management Console DeleteReports SQL Injection Vulnerability
» ‎ SecurityFocus Vulnerabilities

ZDI-11-133: CA Total Defense Suite UNC Management Console DeleteReports SQL Injection Vulnerability
Tags: management suite sql zdi bugtraq vulnerability
9:00
Bugtraq: ZDI-11-134: CA Total Defense Suite UNC Management Console RegenerateReport SQL Injection Vulnerability
» ‎ SecurityFocus Vulnerabilities

ZDI-11-134: CA Total Defense Suite UNC Management Console RegenerateReport SQL Injection Vulnerability
Tags: management suite console zdi bugtraq vulnerability
8:00
Bugtraq: ZDI-11-130: CA Total Defense Suite UNC Management Console DeleteFilter SQL Injection Vulnerability
» ‎ SecurityFocus Vulnerabilities

ZDI-11-130: CA Total Defense Suite UNC Management Console DeleteFilter SQL Injection Vulnerability
Tags: management suite sql zdi bugtraq vulnerability

April 13, 2011
6:55
Patch Management Crucial To Defend Against Cyber Attacks
» ‎ Packet Storm Security Headlines

Patch Management Crucial To Defend Against Cyber Attacks
Tags: management patch crucial cyber-attacks patch-management

April 12, 2011
14:00
[local exploits] - Cisco Security Agent Management Console ‘st_upload’ RCE Exploit
» ‎ 1337day (was: Inj3ct0r, 1337db)

[local exploits] - Cisco Security Agent Management Console ‘st_upload’ RCE Exploit
Tags: exploit management security agent-management security-agent exploits
14:00
[openbsd/x86] - Cisco Security Agent Management Console ‘st_upload’ RCE Exploit
» ‎ 1337day (was: Inj3ct0r, 1337db)

[openbsd/x86] - Cisco Security Agent Management Console ‘st_upload’ RCE Exploit
Tags: management console security cisco-security agent-management security-agent

7:39
Cisco Security Agent Management Console Command Execution
» ‎ Packet Storm Security Exploits

Cisco Security Agent Management Console st_upload remote command execution exploit.
Tags: management console security command-execution agent-management security-agent

7:39
Cisco Security Agent Management Console Command Execution
» ‎ Packet Storm Security Recent Files

Cisco Security Agent Management Console st_upload remote command execution exploit.
Tags: management console security command-execution agent-management security-agent

7:39
Cisco Security Agent Management Console Command Execution
» ‎ Packet Storm Security Misc. Files

Cisco Security Agent Management Console st_upload remote command execution exploit.
Tags: management console security command-execution agent-management security-agent

April 03, 2011
14:00
[webapps / 0day] - Banner Ad Management Script SQL Injection Vulnerability
» ‎ 1337day (was: Inj3ct0r, 1337db)

[webapps / 0day] - Banner Ad Management Script SQL Injection Vulnerability
Tags: banner day management banner-ad-management script-sql vulnerability

April 02, 2011
16:50
Softbiz Banner Ad Management SQL Injection
» ‎ Packet Storm Security Exploits

Softbiz Banner Ad Management suffers from a remote SQL injection vulnerability.
Tags: softbiz banner management banner-ad-management vulnerability

16:50
Softbiz Banner Ad Management SQL Injection
» ‎ Packet Storm Security Recent Files

Softbiz Banner Ad Management suffers from a remote SQL injection vulnerability.
Tags: softbiz banner management banner-ad-management vulnerability

16:50
Softbiz Banner Ad Management SQL Injection
» ‎ Packet Storm Security Misc. Files

Softbiz Banner Ad Management suffers from a remote SQL injection vulnerability.
Tags: softbiz banner management banner-ad-management vulnerability

March 25, 2011
15:47
Unidesk Management Administrative Bypass
» ‎ Packet Storm Security Exploits

The Unidesk Management Console versions 1.3 and below suffer from a direct access vulnerability that allows an attacker direct access to administrative resources.
Tags: access unidesk management administrative-resources direct-access attacker

15:47
Unidesk Management Administrative Bypass
» ‎ Packet Storm Security Recent Files

The Unidesk Management Console versions 1.3 and below suffer from a direct access vulnerability that allows an attacker direct access to administrative resources.
Tags: access unidesk management administrative-resources direct-access attacker

15:47
Unidesk Management Administrative Bypass
» ‎ Packet Storm Security Misc. Files

The Unidesk Management Console versions 1.3 and below suffer from a direct access vulnerability that allows an attacker direct access to administrative resources.
Tags: access unidesk management administrative-resources direct-access attacker

March 22, 2011
0:00
Vuln: Symantec LiveUpdate Administrator Management GUI HTML Injection Vulnerability
» ‎ SecurityFocus Vulnerabilities

Symantec LiveUpdate Administrator Management GUI HTML Injection Vulnerability
Tags: management symantec gui management-gui vulnerability

March 21, 2011
12:23
Brief Whitepaper On Risk Management
» ‎ Packet Storm Security Recent Files

This is a brief whitepaper detailing risk management, or Gestion De Riesgos. Written in Spanish.
Tags: management risk whitepaper risk-management

12:23
Brief Whitepaper On Risk Management
» ‎ Packet Storm Security Misc. Files

This is a brief whitepaper detailing risk management, or Gestion De Riesgos. Written in Spanish.
Tags: management risk whitepaper risk-management

March 16, 2011
15:00
[webapps / 0day] - Pointter PHP Content Management System 1.2 Multiple Vulnerabilities
» ‎ 1337day (was: Inj3ct0r, 1337db)

[webapps / 0day] - Pointter PHP Content Management System 1.2 Multiple Vulnerabilities
Tags: management day webapps content-management-system system-1 vulnerabilities

March 01, 2011
14:41
Password Management Site Plugs Info Disclosure Bug
» ‎ Packet Storm Security Headlines

Password Management Site Plugs Info Disclosure Bug
Tags: password site management disclosure plugs

February 20, 2011
14:15
HP Insight Management Agents Full Path Disclosure Vulnerability
» ‎ SecuriTeam

A potential security vulnerability has been identified with HP Insight Management Agents running on Linux and Windows.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!

Tags: vulnerability insight management potential-security-vulnerability insight-management management-agents

February 18, 2011
0:00
Vuln: Novell ZENworks Configuration Management TFTPD Remote Code Execution Vulnerability
» ‎ SecurityFocus Vulnerabilities

Novell ZENworks Configuration Management TFTPD Remote Code Execution Vulnerability
Tags: novell management tftpd novell-zenworks code-execution configuration-management
February 17, 2011
9:00
Bugtraq: ZDI-11-088: Cisco Security Agent Management st_upload Remote Code Execution Vulnerability
» ‎ SecurityFocus Vulnerabilities

ZDI-11-088: Cisco Security Agent Management st_upload Remote Code Execution Vulnerability
Tags: upload management security code-execution agent-management security-agent
0:00
Vuln: Novell ZENworks Configuration Management TFTPD Remote Code Execution Vulnerability
» ‎ SecurityFocus Vulnerabilities

Novell ZENworks Configuration Management TFTPD Remote Code Execution Vulnerability
Tags: novell management tftpd novell-zenworks code-execution configuration-management
February 16, 2011
13:01
Bugtraq: Cisco Security Advisory: Management Center for Cisco Security Agent Remote Code Execution Vulnerability
» ‎ SecurityFocus Vulnerabilities

Cisco Security Advisory: Management Center for Cisco Security Agent Remote Code Execution Vulnerability
Tags: advisory center management cisco-security cisco-security-advisory code-execution security-agent

February 07, 2011
2:45
T-Content Management System SQL Injection
» ‎ Packet Storm Security Exploits

T-Content Management System suffers from multiple remote SQL injection vulnerabilities that can allow for authentication bypass.
Tags: system t-content management content-management-system vulnerabilities authentication

January 28, 2011
13:00
Bugtraq: TELUS Security Labs VR - Symantec Alert Management System HNDLRSVC Arbitrary Command Execution
» ‎ SecurityFocus Vulnerabilities

TELUS Security Labs VR - Symantec Alert Management System HNDLRSVC Arbitrary Command Execution
Tags: management symantec security command-execution alert-management security-labs

January 12, 2011
20:22
SAP Management Console Information Disclosure
» ‎ Packet Storm Security Advisories

Onapsis Security Advisory - It has been detected that many of the available methods in the sapstartsrv SOAP server in the SAP Management Console do not require user authentication, allowing remote and unauthenticated users to obtain sensitive information from the SAP system, such as the list of log files and their content, profile parameters, developer traces, etc.
Tags: console management sap profile-parameters soap-server information-disclosure

20:22
SAP Management Console Information Disclosure
» ‎ Packet Storm Security Recent Files

Onapsis Security Advisory - It has been detected that many of the available methods in the sapstartsrv SOAP server in the SAP Management Console do not require user authentication, allowing remote and unauthenticated users to obtain sensitive information from the SAP system, such as the list of log files and their content, profile parameters, developer traces, etc.
Tags: console management sap profile-parameters soap-server information-disclosure

20:22
SAP Management Console Information Disclosure
» ‎ Packet Storm Security Misc. Files

Onapsis Security Advisory - It has been detected that many of the available methods in the sapstartsrv SOAP server in the SAP Management Console do not require user authentication, allowing remote and unauthenticated users to obtain sensitive information from the SAP system, such as the list of log files and their content, profile parameters, developer traces, etc.
Tags: console management sap profile-parameters soap-server information-disclosure

20:18
SAP Management Console Unauthenticated Service Restart
» ‎ Packet Storm Security Advisories

Onapsis Security Advisory - A denial of service vulnerability has been discovered in the processing of administration commands by the SAP MC. This functionality allows the restart of the service without providing authentication information.
Tags: management sap service service-vulnerability administration-commands denial-of-service

20:18
SAP Management Console Unauthenticated Service Restart
» ‎ Packet Storm Security Recent Files

Onapsis Security Advisory - A denial of service vulnerability has been discovered in the processing of administration commands by the SAP MC. This functionality allows the restart of the service without providing authentication information.
Tags: management sap service service-vulnerability administration-commands denial-of-service

20:18
SAP Management Console Unauthenticated Service Restart
» ‎ Packet Storm Security Misc. Files

Onapsis Security Advisory - A denial of service vulnerability has been discovered in the processing of administration commands by the SAP MC. This functionality allows the restart of the service without providing authentication information.
Tags: management sap service service-vulnerability administration-commands denial-of-service

January 08, 2011
8:58
[Slides] Identity and Access Management - Get your User-Accesses under Control!
» ‎ SecDocs

Authors: Rik Van Bruggen
Tags: authentication identity management
Event: Hashdays 2010
Abstract: Strengthened User-Authentication, streamlined Application-Access, enhanced Productivity and simplified Compliance-Reporting - Security Experiences and Live-Demo with Imprivata OneSign.
Tags: access identity management van-bruggen streamlined-application reporting-security
December 22, 2010
21:25
[Slides] Killing the Elephant in the Room - Enterprise Vulnerability Management Tactics
» ‎ SecDocs

Tags: vulnerability assessment vulnerability
Event: Ruxcon 2010
Abstract: Technical conferences often present new and innovative research concerning vulnerability assessment, exploitation and mitigation controls. New offensive and defensive techniques have been evolving for well over a decade. In parallel to this, targeted attacks and the zero-day black-market have created a powerful underground economy that threatens the world’s wealthiest enterprises. Unfortunately in all this madness, the fundamental practice of vulnerability management has been neglected. Large enterprises often have huge IT estates ripe with technicalities, politics, and organisational constraints. It would seem that relying purely on COTS solutions to manage vulnerabilities is deemed an easy way to tick a compliance box but is never a primary fool-proof solution for managing known vulnerabilities. The goal of this presentation is to shift the mindset for how large organizations address the challenges of vulnerability management. A walk-through on architecting and implementing custom vulnerability management technologies will be done - for each component, different options will be presented where possible plus discussion on both technological and process challenges. The presentation will demonstrate that logical analysis and innovation can significantly evolve a typical COTS approach and give a more realist perspective on this difficult domain.
Tags: assessment vulnerability management enterprise-vulnerability vulnerability-assessment proof-solution

December 08, 2010
11:34
HP System Management Homepage Cross Site Scripting
» ‎ Packet Storm Security Exploits

The HP System Management Homepage suffers from multiple cross site scripting vulnerabilities. Versions 3.0.0.68, 3.0.2.77 and 6.1.0.103 have all been found affected.
Tags: system management homepage hp-system management-homepage system-management

11:34
HP System Management Homepage Cross Site Scripting
» ‎ Packet Storm Security Recent Files

The HP System Management Homepage suffers from multiple cross site scripting vulnerabilities. Versions 3.0.0.68, 3.0.2.77 and 6.1.0.103 have all been found affected.
Tags: system management homepage hp-system management-homepage system-management

11:34
HP System Management Homepage Cross Site Scripting
» ‎ Packet Storm Security Misc. Files

The HP System Management Homepage suffers from multiple cross site scripting vulnerabilities. Versions 3.0.0.68, 3.0.2.77 and 6.1.0.103 have all been found affected.
Tags: system management homepage hp-system management-homepage system-management

December 07, 2010
12:43
HP System Management Homepage XSS injection Vulnerability
» ‎ SecuriTeam

An XSS vulnerability has been found within HP system management for HP servers; this arises from insufficient input filtering found within the hpdiags suite of programs. The hpdiags suite of programs was found to be present within Linux versions of HP system management.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!

Tags: xss system management hp-system hp-servers linux-versions
November 23, 2010
11:15
HP System Management Homepage (SMH) URL Redirection Vulnerability
» ‎ SecuriTeam

A potential security vulnerability has been identified with HP System Management Homepage (SMH) for Linux and Windows.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!

Tags: system management homepage potential-security-vulnerability hp-system management-homepage
November 22, 2010
12:55
HP System Management Homepage (SMH) Multiple Vulnerabilities
» ‎ SecuriTeam

Potential security vulnerabilities including Cross Site Scripting (XSS) and HTTP Response Splitting have been identified with HP System Management Homepage (SMH) for Linux and Windows.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!

Tags: system management homepage hp-system management-homepage safer-use
November 19, 2010
10:56
HP System Management Homepage (SMH) Disclosure of Sensitive Information Vulnerability
» ‎ SecuriTeam

A potential security vulnerability has been identified with HP System Management Homepage (SMH) for Linux.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!

Tags: system management homepage potential-security-vulnerability hp-system management-homepage
November 17, 2010
13:31
HP System Management Homepage (SMH) for Linux and Windows Information Disclosure Vulnerability
» ‎ SecuriTeam

A potential security vulnerability has been identified with HP System Management Homepage (SMH) for Linux and Windows.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!

Tags: system management homepage potential-security-vulnerability information-disclosure-vulnerability hp-system

November 14, 2010
10:55
Pre Hospital Management System SQL Injection
» ‎ Packet Storm Security Exploits

Pre Hospital Management System suffers from a remote SQL injection vulnerability that allow for authentication bypass.
Tags: pre hospital management hospital-management-system vulnerability authentication

10:55
Pre Hospital Management System SQL Injection
» ‎ Packet Storm Security Recent Files

Pre Hospital Management System suffers from a remote SQL injection vulnerability that allow for authentication bypass.
Tags: pre hospital management hospital-management-system vulnerability authentication

10:55
Pre Hospital Management System SQL Injection
» ‎ Packet Storm Security Misc. Files

Pre Hospital Management System suffers from a remote SQL injection vulnerability that allow for authentication bypass.
Tags: pre hospital management hospital-management-system vulnerability authentication

November 12, 2010
0:00
Vuln: LANDesk Management Gateway 'DRIVES' Parameter Remote Command Execution Vulnerability
» ‎ SecurityFocus Vulnerabilities

LANDesk Management Gateway 'DRIVES' Parameter Remote Command Execution Vulnerability
Tags: management gateway remote management-gateway command-execution landesk-management

November 04, 2010
15:00
[webapps / 0day] - E-Php Content Management System SQL Injection Vulnerability
» ‎ 1337day (was: Inj3ct0r, 1337db)

[webapps / 0day] - E-Php Content Management System SQL Injection Vulnerability
Tags: management day webapps php-content-management-system php-content-management content-management-system

October 24, 2010
20:15
HP ProCurve Threat Management Services unauthorized Data Injection and Denial of Service vulnerabilities
» ‎ SecuriTeam

Multiple vulnerabilities were discovered in HP ProCurve Threat Management Services.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!

Tags: threat management procurve hp-procurve unauthorized-data safer-use
20:10
SAP Management Console Multiple DoS Vulnerabilities
» ‎ SecuriTeam

Multiple denial of service vulnerabilities were discovered in SAP Management Console.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!

Tags: console management sap safer-use denial-of-service vulnerabilities
October 14, 2010
11:21
HP System Management Homepage Running PHP DoS, XSS and Code Execution Vulnerabilities
» ‎ SecuriTeam

Multiple vulnerabilities were discovered in HP System Management Homepage running PHP.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!

Tags: system management homepage hp-system management-homepage code-execution

October 13, 2010
0:00
Vuln: Oracle CVE-2010-3534 Local Primavera P6 Enterprise Project Portfolio Management
» ‎ SecurityFocus Vulnerabilities

Oracle CVE-2010-3534 Local Primavera P6 Enterprise Project Portfolio Management
Tags: management oracle enterprise project-portfolio-management enterprise-project
September 14, 2010
0:00
Vuln: HP System Management Homepage Unspecified Information Disclosure Vulnerability.
» ‎ SecurityFocus Vulnerabilities

HP System Management Homepage Unspecified Information Disclosure Vulnerability.
Tags: management system information-disclosure-vulnerability hp-system management-homepage

September 07, 2010
2:43
[Slides] Botnet mitigation, monitoring and management
» ‎ SecDocs

Authors: Harshad Patil
Tags: malware botnet
Event: Nullcon 2010

Tags: botnet management mitigation management-authors slides

September 06, 2010
15:21
Micronetsoft Rental Property Management Website SQL Injection
» ‎ 1337day (was: Inj3ct0r, 1337db)

Micronetsoft Rental Property Management Website SQL Injection
Tags: management rental micronetsoft rental-property-management management-website
August 28, 2010
16:25
WebSuite Content Management System SQL Injection Vulnerability
» ‎ 1337day (was: Inj3ct0r, 1337db)

WebSuite Content Management System SQL Injection Vulnerability
Tags: system management sql content-management-system vulnerability
August 25, 2010
12:41
TeamMate Audit Management Software Suite DLL Hijacking Exploit
» ‎ 1337day (was: Inj3ct0r, 1337db)

TeamMate Audit Management Software Suite DLL Hijacking Exploit
Tags: management audit teammate management-software-suite audit-management

August 12, 2010
0:00
ZDI-10-145.txt
» ‎ Packet Storm Security Advisories

Zero Day Initiative Advisory 10-145 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENWorks Remote Management. Access to a single node with Remote Management client installed and configured is required. The specific flaw exists within the storage of Remote Management authentication information on the client. The client utilizes a password stored in the registry that is common among all nodes. This can be exploited by an attacker to execute remote code on any target with the client installed.
Tags: remote client management novell-zenworks remote-management zero-day

August 10, 2010
3:13
OpenFISMA – FISMA Compliance & Risk Management Application
» ‎ Darknet

The OpenFISMA project is an open source application designed to reduce the complexity and automate the regulatory requirements of the Federal Information Security Management Act (FISMA) and the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF). OpenFISMA is built on a modern, standardized platform called Zend...

Read the full post at darknet.org.uk

Tags: fisma management openfisma read risk-management-framework information-security-management open-source-application Countermeasures

July 28, 2010
0:00
Vuln: HP Insight Control Power Management Unspecified Local Security Bypass Vulnerability
» ‎ SecurityFocus Vulnerabilities

HP Insight Control Power Management Unspecified Local Security Bypass Vulnerability
Tags: management security local-security power-management vulnerability
July 21, 2010
0:00
Vuln: NETGEAR WNDAP330 Management Frame Remote Denial of Service Vulnerability
» ‎ SecurityFocus Vulnerabilities

NETGEAR WNDAP330 Management Frame Remote Denial of Service Vulnerability
Tags: management wndap netgear service-vulnerability denial-of-service

July 20, 2010
1:00
Omnistar Drive Management System Multiple Vulnerability
» ‎ 1337day (was: Inj3ct0r, 1337db)

Omnistar Drive Management System Multiple Vulnerability
Tags: omnistar drive management vulnerability management-system

July 17, 2010
0:34
amss-rfi.txt
» ‎ Packet Storm Security Recent Files

Advanced Management For Services Sites suffers from a remote file inclusion vulnerability.
Tags: txt management service advanced-management rfi vulnerability

0:34
amss-rfi.txt
» ‎ Packet Storm Security Exploits

Advanced Management For Services Sites suffers from a remote file inclusion vulnerability.
Tags: txt management service advanced-management rfi vulnerability

July 16, 2010
1:00
Pre Hospital Management System authentication bypass
» ‎ 1337day (was: Inj3ct0r, 1337db)

Pre Hospital Management System authentication bypass
Tags: system management authentication hospital-management-system
1:00
SoftClones Marketing Management System authentication bypass
» ‎ 1337day (was: Inj3ct0r, 1337db)

SoftClones Marketing Management System authentication bypass
Tags: marketing management softclones marketing-management authentication management-system
1:00
Advneced Management For Services Sites am4ss1.1 (RFI) Vulnerability
» ‎ 1337day (was: Inj3ct0r, 1337db)

Advneced Management For Services Sites am4ss1.1 (RFI) Vulnerability
Tags: advneced sites management vulnerability

0:00
Vuln: Oracle Business Process Management CVE-2010-2370 Cross Site Scripting Vulnerability
» ‎ SecurityFocus Vulnerabilities

Oracle Business Process Management CVE-2010-2370 Cross Site Scripting Vulnerability
Tags: cross management oracle business-process-management oracle-business vulnerability

July 15, 2010
22:02
CORELAN-10-057.txt
» ‎ Packet Storm Security Exploits

Oracle Business Process Management suffers from a cross site scripting vulnerability.
Tags: management oracle corelan business-process-management oracle-business vulnerability

July 13, 2010
1:00
I-net Enquiry management Script SQL Injection Vulnerability
» ‎ 1337day (was: Inj3ct0r, 1337db)

I-net Enquiry management Script SQL Injection Vulnerability
Tags: management script enquiry script-sql vulnerability

July 12, 2010
20:44
inetem-sql.txt
» ‎ Packet Storm Security Recent Files

I-net Enquiry Management Script suffers from a remote SQL injection vulnerability.
Tags: txt management enquiry sql-injection vulnerability

20:43
inetem-sql.txt
» ‎ Packet Storm Security Exploits

I-net Enquiry Management Script suffers from a remote SQL injection vulnerability.
Tags: txt management enquiry sql-injection vulnerability

July 10, 2010
1:00
My Kazaam Notes Management System Multiple Vulnerability
» ‎ 1337day (was: Inj3ct0r, 1337db)

My Kazaam Notes Management System Multiple Vulnerability
Tags: management kazaam notes vulnerability management-system

July 07, 2010
22:02
simpledocument-sql.txt
» ‎ Packet Storm Security Exploits

Simple Document Management System suffers from a remote SQL injection vulnerability.
Tags: system management simple document-management-system sql-injection vulnerability

0:00
Vuln: Simple Document Management System 'detail.php' SQL Injection Vulnerability
» ‎ SecurityFocus Vulnerabilities

Simple Document Management System 'detail.php' SQL Injection Vulnerability
Tags: system management detail document-management-system vulnerability

July 06, 2010
1:00
Pre Hospital Management System BSql injection/Auth Bypass Vulnerabilty
» ‎ 1337day (was: Inj3ct0r, 1337db)

Pre Hospital Management System BSql injection/Auth Bypass Vulnerabilty
Tags: pre hospital management hospital-management-system
1:00
IBM Bladecenter Management - Multiple vulnerabilities
» ‎ 1337day (was: Inj3ct0r, 1337db)

IBM Bladecenter Management - Multiple vulnerabilities
Tags: vulnerabilities multiple management ibm-bladecenter

0:00
Vuln: IBM BladeCenter Management Module Multiple Vulnerabilities
» ‎ SecurityFocus Vulnerabilities

IBM BladeCenter Management Module Multiple Vulnerabilities
Tags: multiple management module ibm-bladecenter vulnerabilities

June 29, 2010
1:00
Netvolution Content Management System XSS/HTML Injection Vulnerability
» ‎ 1337day (was: Inj3ct0r, 1337db)

Netvolution Content Management System XSS/HTML Injection Vulnerability
Tags: system management netvolution content-management-system vulnerability
June 19, 2010
1:00
Banner Management Script SQL Injection Vulnerability
» ‎ 1337day (was: Inj3ct0r, 1337db)

Banner Management Script SQL Injection Vulnerability
Tags: management script sql script-sql banner-management vulnerability

June 16, 2010
0:01
sashotelmngmnt-sql.txt
» ‎ Packet Storm Security Recent Files

SAS Hotel Management System suffers from a remote SQL injection vulnerability.
Tags: management sas sashotelmngmnt-sql hotel-management-system sas-hotel sql-injection

0:00
sashotelmngmnt-sql.txt
» ‎ Packet Storm Security Exploits

SAS Hotel Management System suffers from a remote SQL injection vulnerability.
Tags: management sas sashotelmngmnt-sql hotel-management-system sas-hotel sql-injection

June 15, 2010
1:00
SAS Hotel Management System SQL Vulnerability
» ‎ 1337day (was: Inj3ct0r, 1337db)

SAS Hotel Management System SQL Vulnerability
Tags: hotel sas management hotel-management-system sas-hotel vulnerability

June 10, 2010
0:00
Vuln: RETIRED: Content Management System module for PHProjekt 'path_pre' Remote File Include Vulnerability
» ‎ SecurityFocus Vulnerabilities

RETIRED: Content Management System module for PHProjekt 'path_pre' Remote File Include Vulnerability
Tags: content management retired content-management-system remote-file-include-vulnerability
June 09, 2010
0:00
Vuln: Content Management System module for PHProjekt 'path_pre' Remote File Include Vulnerability
» ‎ SecurityFocus Vulnerabilities

Content Management System module for PHProjekt 'path_pre' Remote File Include Vulnerability
Tags: system content management content-management-system remote-file-include-vulnerability

June 02, 2010
22:00
simm-lfi.txt
» ‎ Packet Storm Security Exploits

SIMM Management System suffers from a local file inclusion vulnerability.
Tags: system management simm lfi vulnerability management-system
22:00
amss-disclose.txt
» ‎ Packet Storm Security Exploits

Advanced Management For Services Sites suffers from a file disclosure vulnerability.
Tags: txt management service advanced-management vulnerability disclosure

1:00
Advneced Management For Services Sites (File Disclosure) Vulnerabilities
» ‎ 1337day (was: Inj3ct0r, 1337db)

Advneced Management For Services Sites (File Disclosure) Vulnerabilities
Tags: management service site disclosure
1:00
SIMM Management System (SMS) Local File Inclusion Vulnerability
» ‎ 1337day (was: Inj3ct0r, 1337db)

SIMM Management System (SMS) Local File Inclusion Vulnerability
Tags: system management simm vulnerability management-system inclusion

June 01, 2010
13:00
Bugtraq: ZDI-10-090: Novell ZENworks Configuration Management Preboot Service Remote Code Execution Vulnerability
» ‎ SecurityFocus Vulnerabilities

ZDI-10-090: Novell ZENworks Configuration Management Preboot Service Remote Code Execution Vulnerability
Tags: novell management configuration novell-zenworks code-execution zdi

May 31, 2010
4:54
[Slides] Panel: Vulnerability Management
» ‎ SecDocs

Tags: vulnerability
Event: Source Conference Boston 2010
Abstract: Vulnerability management - how tough can it be? Vulnerabilities are identified, categorized, and then (hopefully) fixed through patches or upgrades. Simple enough, right? Actually, the process is far from simple, as anyone who has worked in the area of vulnerability management can tell you. Identifying vulnerabilities through a slew of vendor alerts, vulnerability databases, and third-party references is only the first step. From there, solutions must be identified, fixes obtained and tested, patch and upgrade deployments scheduled, and then monitor the whole mess... until the next patch cycle comes around so you can start the process all over again. This panel will discuss various aspects of the vulnerability management cycle: the assignment of common names for easy identification, using available information to gather appropriate remediation measures, pros and cons of patch testing, and how vulnerability management can be improved as an overall process. Join panelists Chris Wysopal of Veracode, Steven Christey and Bob Martin of MITRE Corporation, Jonathan Klein of Broadridge Financial Solutions, Kelly Todd of Tenable Network Security and moderator Carole Fennelly of Tenable Network Security as they look at vulnerability management: what works, what doesn't work, and what can be done to help improve processes, procedures, and remediation techniques
Tags: vulnerability management process todd jonathan-klein bob-martin steven-christey chris-wysopal boston carole-fennelly remediation-measures

May 22, 2010
1:00
HOSPITAL MANAGEMENT SYSTEM Multiple SQL Injection Vulnerability
» ‎ 1337day (was: Inj3ct0r, 1337db)

HOSPITAL MANAGEMENT SYSTEM Multiple SQL Injection Vulnerability
Tags: system hospital management hospital-management-system sql-injection vulnerability
May 21, 2010
1:00
3Com* iMC (Intelligent Management Center) Various XSS
» ‎ 1337day (was: Inj3ct0r, 1337db)

3Com* iMC (Intelligent Management Center) Various XSS
Tags: management imc com intelligent-management management-center xss
1:00
3Com* iMC (Intelligent Management Center) Unauthenticated File Retrieval
» ‎ 1337day (was: Inj3ct0r, 1337db)

3Com* iMC (Intelligent Management Center) Unauthenticated File Retrieval
Tags: management imc com intelligent-management management-center

0:00
PR10-01.txt
» ‎ Packet Storm Security Recent Files

3Com's iMC (Intelligent Management Centre) provides professional management of 3Com and third party network devices, the IMC is normally accessed using a web browser over port 8080. Procheckup has discovered that the IMC management console is vulnerable to an unauthenticated directory traversal attack within the reporting functionality.
Tags: imc com management intelligent-management pr10 port-8080
0:00
PR10-02.txt
» ‎ Packet Storm Security Recent Files

3Com's iMC (Intelligent Management Centre) provides professional management of 3Com and third party network devices, the IMC is normally accessed using a web browser over port 8080. Various IMC pages are vulnerable to a reflective XSS attack, including the login page. Various pages also disclose information including the SQL sa account password which might be used to assist in carrying out further attacks.
Tags: imc com management intelligent-management pr10 port-8080

0:00
PR10-01.txt
» ‎ Packet Storm Security Exploits

3Com's iMC (Intelligent Management Centre) provides professional management of 3Com and third party network devices, the IMC is normally accessed using a web browser over port 8080. Procheckup has discovered that the IMC management console is vulnerable to an unauthenticated directory traversal attack within the reporting functionality.
Tags: imc com management intelligent-management pr10 port-8080
0:00
PR10-02.txt
» ‎ Packet Storm Security Exploits

3Com's iMC (Intelligent Management Centre) provides professional management of 3Com and third party network devices, the IMC is normally accessed using a web browser over port 8080. Various IMC pages are vulnerable to a reflective XSS attack, including the login page. Various pages also disclose information including the SQL sa account password which might be used to assist in carrying out further attacks.
Tags: imc com management intelligent-management pr10 port-8080

May 16, 2010
1:00
The iceberg 'Content Management System' SQL Injection Vulnerability
» ‎ 1337day (was: Inj3ct0r, 1337db)

The iceberg 'Content Management System' SQL Injection Vulnerability
Tags: content management iceberg content-management-system vulnerability

April 26, 2010
0:00
Vuln: HP System Management Homepage 'RedirectUrl' Parameter URI Redirection Vulnerability
» ‎ SecurityFocus Vulnerabilities

HP System Management Homepage 'RedirectUrl' Parameter URI Redirection Vulnerability
Tags: management system redirecturl uri-redirection hp-system management-homepage system-management
April 25, 2010
0:00
Vuln: HP System Management Homepage 'RedirectUrl' Parameter URI Redirection Vulnerability
» ‎ SecurityFocus Vulnerabilities

HP System Management Homepage 'RedirectUrl' Parameter URI Redirection Vulnerability
Tags: management system redirecturl uri-redirection hp-system management-homepage system-management
April 23, 2010
14:00
Bugtraq: ZDI-10-078: Novell ZENworks Configuration Management UploadServlet Remote Code Execution Vulnerability
» ‎ SecurityFocus Vulnerabilities

ZDI-10-078: Novell ZENworks Configuration Management UploadServlet Remote Code Execution Vulnerability
Tags: novell management configuration novell-zenworks code-execution zdi

April 15, 2010
17:00
smsp-disclose.txt
» ‎ Packet Storm Security Exploits

School Management System Pro version 6.0.0 suffers from a backup disclosure vulnerability.
Tags: system management school school-management-system version-6 vulnerability

11:00
Bugtraq: [DSECRG-09-049] IBM BladeCenter Management Module - DoS vulnerability
» ‎ SecurityFocus Vulnerabilities

[DSECRG-09-049] IBM BladeCenter Management Module - DoS vulnerability
Tags: bladecenter ibm management dos-vulnerability ibm-bladecenter management-module

1:00
IBM BladeCenter Management Module - DoS vulnerability
» ‎ 1337day (was: Inj3ct0r, 1337db)

IBM BladeCenter Management Module - DoS vulnerability
Tags: management vulnerability module dos-vulnerability ibm-bladecenter management-module
April 14, 2010
1:00
School Management System Pro 6.0.0 Backup Dump Vulnerability
» ‎ 1337day (was: Inj3ct0r, 1337db)

School Management System Pro 6.0.0 Backup Dump Vulnerability
Tags: system school management school-management-system vulnerability
April 11, 2010
1:00
OnePC mySite Management Software SQL Injection Vulnerability
» ‎ 1337day (was: Inj3ct0r, 1337db)

OnePC mySite Management Software SQL Injection Vulnerability
Tags: management onepc mysite software-sql vulnerability management-software

April 07, 2010
0:00
Vuln: Intel Active Management Technology SDK Remote Buffer Overflow Vulnerability
» ‎ SecurityFocus Vulnerabilities

Intel Active Management Technology SDK Remote Buffer Overflow Vulnerability
Tags: technology intel management buffer-overflow-vulnerability remote-buffer-overflow remote-buffer-overflow-vulnerability

April 04, 2010
1:00
Advanced Management For Services Sites Bypass Create/Download SQL Backup
» ‎ 1337day (was: Inj3ct0r, 1337db)

Advanced Management For Services Sites Bypass Create/Download SQL Backup
Tags: management service site advanced-management
1:00
Advanced Management Bypass Create/Download SQL Backup Vulnerability
» ‎ 1337day (was: Inj3ct0r, 1337db)

Advanced Management Bypass Create/Download SQL Backup Vulnerability
Tags: bypass management advanced advanced-management vulnerability

April 03, 2010
13:32
amss-addadmin.txt
» ‎ Packet Storm Security Recent Files

Advanced Management For Services Sites remote add administrator exploit.
Tags: txt management service advanced-management
April 01, 2010
14:01
amss-download.txt
» ‎ Packet Storm Security Recent Files

Advanced Management For Service Sites suffers from a direct access backup creation and download vulnerability.
Tags: txt management advanced advanced-management direct-access vulnerability

14:01
amss-download.txt
» ‎ Packet Storm Security Exploits

Advanced Management For Service Sites suffers from a direct access backup creation and download vulnerability.
Tags: txt management advanced advanced-management direct-access vulnerability

March 11, 2010
5:00
Friendly-Tech FriendlyTR69 CPE Remote Management v2.8.9 SQL Injection
» ‎ 1337day (was: Inj3ct0r, 1337db)

Friendly-Tech FriendlyTR69 CPE Remote Management v2.8.9 SQL Injection
Tags: management remote cpe remote-management

March 10, 2010
8:00
Bugtraq: Friendly-Tech FriendlyTR69 CPE Remote Management V2.8.9 SQL Injection Vulnerability
» ‎ SecurityFocus Vulnerabilities

Friendly-Tech FriendlyTR69 CPE Remote Management V2.8.9 SQL Injection Vulnerability
Tags: management remote cpe remote-management vulnerability

6:00
Friendly-Tech FriendlyTR69 CPE Remote Management v2.8.9 SQL Injection
» ‎ 1337day (was: Inj3ct0r, 1337db)

Friendly-Tech FriendlyTR69 CPE Remote Management v2.8.9 SQL Injection
Tags: management remote cpe remote-management
February 23, 2010
14:00
Entry Level Content Management System (EL CMS) Sql Injection Exploit
» ‎ 1337day (was: Inj3ct0r, 1337db)

Entry Level Content Management System (EL CMS) Sql Injection Exploit
Tags: system management entry content-management-system sql-injection level-content
February 17, 2010
21:00
Chief Content Management System (news.php) SQL Injection
» ‎ 1337day (was: Inj3ct0r, 1337db)

Chief Content Management System (news.php) SQL Injection
Tags: system management news content-management-system chief-content system-news

February 16, 2010
0:00
Vuln: Intel BIOS System Management Mode Local Privilege Escalation Vulnerability
» ‎ SecurityFocus Vulnerabilities

Intel BIOS System Management Mode Local Privilege Escalation Vulnerability
Tags: management system escalation system-management-mode intel-bios privilege-escalation-vulnerability

February 12, 2010
10:00
Nikiara Fraud Management System XSS Vulnerability
» ‎ 1337day (was: Inj3ct0r, 1337db)

Nikiara Fraud Management System XSS Vulnerability
Tags: fraud nikiara management fraud-management vulnerability management-system

January 27, 2010
12:00
PR09-15.txt
» ‎ Packet Storm Security Recent Files

HP System Management Homepage (Insight Manager) suffers from a cross site scripting vulnerability.Versions 2.1.15.210, 3.0.0.64, 3.0.0.68, and 3.0.2.7 are affected.
Tags: txt system management insight-manager hp-system management-homepage

12:00
PR09-15.txt
» ‎ Packet Storm Security Exploits

HP System Management Homepage (Insight Manager) suffers from a cross site scripting vulnerability.Versions 2.1.15.210, 3.0.0.64, 3.0.0.68, and 3.0.2.7 are affected.
Tags: txt system management insight-manager hp-system management-homepage

January 20, 2010
0:00
Vuln: HP Power Manager Management Web Server Login Remote Code Execution Vulnerability
» ‎ SecurityFocus Vulnerabilities

HP Power Manager Management Web Server Login Remote Code Execution Vulnerability
Tags: management remote manager hp-power code-execution server-login
0:00
Vuln: Novell ZENWorks Asset Management 'documentID' Parameter SQL Injection Vulnerability
» ‎ SecurityFocus Vulnerabilities

Novell ZENWorks Asset Management 'documentID' Parameter SQL Injection Vulnerability
Tags: novell management documentid novell-zenworks-asset-management vulnerability

jetlib.sec » Tags » management

Feeds

232 items tagged "management"

Tags: epicor management sql exploitation-techniques returns-management backend-database

Tags: epicor management sql exploitation-techniques returns-management backend-database

Tags: epicor management sql exploitation-techniques returns-management backend-database

Tags: multiple management rights emc-documentum rights-management vulnerabilities

Tags: volunteer php management volunteer-management management-version vulnerability

Tags: volunteer php management volunteer-management management-version vulnerability

Tags: volunteer php management volunteer-management management-version vulnerability

Tags: volunteer php management volunteer-management management-version vulnerability

Tags: volunteer php management volunteer-management management-version vulnerability

Tags: volunteer php management volunteer-management management-version vulnerability

Tags: multiple management volunteer-management vulnerabilities

Tags: cross management system hp-system management-homepage forgery

Tags: cross management system hp-system management-homepage forgery

Tags: bugtraq management command o.s.-command management-interface web-management tsi

Tags: polycom web management model-g3 interface-command management-interface

Tags: polycom web management model-g3 interface-command management-interface

Tags: polycom web management model-g3 interface-command management-interface

Tags: polycom web management directory-traversal-vulnerability model-g3 management-interface

Tags: polycom web management directory-traversal-vulnerability model-g3 management-interface

Tags: polycom web management directory-traversal-vulnerability model-g3 management-interface

Tags: management roommate iou chris sextuplet living-with-others whiteboard home hacks

Tags: cloupia management flexpod directory-traversal-vulnerability jquery-javascript-library host-server

Tags: cloupia management flexpod directory-traversal-vulnerability jquery-javascript-library host-server

Tags: cloupia management flexpod directory-traversal-vulnerability jquery-javascript-library host-server

Tags: dream management enterprise tom-ptacek dave-goldsmith usa enterprise-management-applications dream-of-electric-sheep ptacek

Tags: file management advanced management-version file-management vulnerability

Tags: management day webapps --base content-management-system sql-injection

Tags: management document openkm document-management-system command-execution vulnerability

Tags: management document openkm document-management-system command-execution vulnerability

Tags: management document openkm document-management-system command-execution vulnerability

Tags: management document openkm document-management-system privilege-escalation-vulnerability escalation

Tags: management document openkm document-management-system privilege-escalation-vulnerability escalation

Tags: management document openkm document-management-system privilege-escalation-vulnerability escalation

Tags: management escalation getinstalledpackages privilege-escalation-vulnerability lifestyle-management local-privilege-escalation

Tags: center management inode exe-code code-execution safer-use

Tags: management escalation vulnerability privilege-escalation-vulnerability lifestyle-management

Tags: management code execution root-privilege privilege-escalation-vulnerability lifestyle-management

Tags: management code execution root-privilege privilege-escalation-vulnerability lifestyle-management

Tags: management code execution root-privilege privilege-escalation-vulnerability lifestyle-management

Tags: hat management red command-line-interfaces centralized-authentication red-hat-security

Tags: hat management red command-line-interfaces centralized-authentication red-hat-security

Tags: hat management red command-line-interfaces centralized-authentication red-hat-security

Tags: system management homepage hp-system management-homepage cve

Tags: management system remote hp-system code-execution management-homepage

Tags: digital management rights jennifer-granick digital-rights-management security-2002

Tags: management day webapps web-management management-control asas

Tags: untrusted network management scott-tags usa untrusted-network black-hat security-network

Tags: cross management site cross-site-scripting content-management

Tags: cross management site cross-site-scripting content-management

Tags: cross management site cross-site-scripting content-management

Tags: management content-management-application

Tags: management oracle tlist code-execution oracle-hyperion bugtraq

Tags: management sap retired sap-management code-execution vulnerability

Tags: console management sap valid-username soap execution

Tags: console management sap valid-username soap execution

Tags: console management sap valid-username soap execution

Tags: management teamshatter security security-advisory account-management bugtraq

Tags: management day webapps management-system

Tags: system file management file-management-system sql-injection system-versions

Tags: system file management file-management-system sql-injection system-versions

Tags: system file management file-management-system sql-injection system-versions

Tags: system management member member-management-system system-index vulnerability

Tags: network management security jeremy-rauch asia management-authors black-hat

Tags: com management intelligent intelligent-management code-execution safer-use

Tags: solution management ciscoworks cisco-security lan-management-solution cisco-security-advisory ciscoworks-lan-management-solution

Tags: talk management Pentesting joe-mccray rob-fuller switzerland dirty-little-secrets security-environments speaking-engagements carnal0wnage

Tags: management security infrastructure cisco-asdm daniel-king dan-king cisco-adaptive jeff-jarmoc cisco-pix cisco-bug ben-feinstein

Tags: management security infrastructure cisco-asdm daniel-king dan-king cisco-adaptive jeff-jarmoc cisco-pix cisco-bug ben-feinstein

Tags: management symantec service privilege-escalation-vulnerability symantec-antivirus corporate-ed

Tags: symlink management security security-management-products security-management-system sms-configuration

Tags: symlink management security security-management-products security-management-system sms-configuration

Tags: symlink management security security-management-products security-management-system sms-configuration

Tags: access identity management van-bruggen streamlined-application reporting-security